Learn how to:
- Use NeXpose and Metasploit.
- Best utilize these tools in order to perform penetration testing or a security assessment of your organization.
- Exploit the discovered vulnerabilities.

ARP Poisoning Blast Course

ARP Poisoning and the Man-in-the-Middle Attack

In this course, we will conduct an ARP poisoning/spoofing attack using Cain and Abel. With this type of attack we can set up a Man-in-the-Middle exploit, which allows us to sniff traffic between two or more workstations and capture sensitive information such as credentials.

Ray holds a bachelor’s degree in computer information systems and a master’s degree in organizational leadership. His current certifications are CISSP, CEH, CCNA, N+ and the PMP. Ray freelances as an online IT instructor; his courses include CISSP, CEH and CCNA. He has also taught for various organizations on hacking with the Metasploit framework, scripting with Python and Ruby, as well as other tools used for hacking. He occasionally provides IT security consultancy for various organizations. Ray resides in Augusta, Georgia, USA. He has over 15 years of military and civilian IT security and project management experience.

Requirements: In this task, we will set up two virtual machines using VirtualBox. By doing so, we are able to replicate an actual Ethernet LAN in which to conduct our lab. We will be using Windows XP and/or Windows 7 for both victim workstation VMs and as the attacker. An unlicensed copy of Windows XP and 7 will work for this exercise in order to demonstrate ARP Poisoning and the Man-in-the-Middle Attack.

Requirements: By using Cain and Abel (CaA), we will conduct an ARP poisoning attack. This allows us to fool the two victim workstations into believing that they are communicating with each other; however, since we have poisoned their ARP cache, we redirect their layer 2 destination address to us as the attacker instead.

Requirements: In this task, we will replay the credentials that CaA sniffed and recorded for us. We will also crack the hash values of our victims using CaA in order to gain authentication to access system resources.

Requirements: We will install Wireshark, which is an open application that allows us to analyze network traffic. It can also be used to enhance our MITM attack by sniffing information that we are looking for such as cookies.

Install Wireshark. Go to wireshark.org, then download and install it on the attacker's computer. Select the default location and requirements. Ensure that the interfaces we are using are selected for our VM and not the actual host.

Task 2 – Capturing and analyzing packets.

Requirements: In this portion, we will use certain filters to allow us to look at only the critical information that we require in order to view and capture cookies.

Understand how filters work. Select our virtual interface and apply filters. Select data stream to copy and reference later as we conduct an advanced MITM attack.

Task 3 – Log into a victim VM and surf the internet.

Requirements: In order for this exploit to work, we will have to create internet activity in order to generate credentials. This allows us to simulate what an actual victim might do.

Create a bare-bones Facebook or Gmail account. Ensure your password is simple and not too complex. The more complex your password is, the exponentially longer it will take to crack. Activate Wireshark and conduct packet inspection.

Requirements: In this portion, we will use our filters in order to segregate the vast amount of data that Wireshark generated. By doing so, we are able to isolate and select the cookie that we need in order to replay a victim’s account.

Advanced Offensive Computer Security Training

This advanced hacking course is designed for the pentester, security professional, or hacker who is looking for an advanced course in system/network penetration. It is designed to be a hands-on, lab-oriented course using Kali Linux as a base operating system, but also using additional tools that we will add as needed. What makes this especially compelling is the section on mobile hacking, rootkits and exploit development, seldom found in basic to mid-level courses.

Keith DeBus is a former professor of computer science with over 20 years of IT experience. He is now the President of IT Securitas (www.itsecuritas.net), a leading IT security and pentesting firm. He has published numerous articles on cyber security, penetration testing, digital forensics and cyber warfare. DeBus has trained personnel from every branch of the U.S. military (Army, Air Force, Navy) and personnel from the NSA, CIA, FBI and NCIS in cyber warfare tactics. DeBus is an internationally recognized expert on cyber warfare, network “hacking” and network intrusion detection systems (NIDS). Mr. DeBus holds or has held the following IT certifications: Sec+, CEH, CPT, ECSA/LPT, CHFI, CISA, CISM and CISSP.

Web Application Hacking Live Class

Our websites are under attack on a daily basis and the next security breach is just a matter of time.

This intensive hands-on course will teach you how to find those vulnerabilities in your web applications before the bad guys do. The course will introduce the various methods, tools and techniques used by attackers, in order to know how to test for the major security vulnerabilities and how to identify security bugs on real systems, by using live hacking demonstrations and hands-on labs. The objectives of the course are to teach developers and security professionals about the most dangerous vulnerabilities and how to perform security testing, and by that increasing the amount and quality of test cases that can be performed by the auditor.

This course provides intensive hands-on labs using real world applications.

8 sessions – 4 hours each – learn with instructor in real time!
With this Live Class you have a chance to really feel what it's like to hack an application!

Learn from the pros all about how to detect and exploit application vulnerabilities:
AppSec Labs is a cutting-edge application security company founded in 2010, providing organizations across the globe with high-end application security services and R&D.

Why choose us?

Flexitime & Flexplace Studies

Hakin9 comes with yearly unlimited access to all online materials. Hakin9 offers online IT security courses and provides you with the skills needed to become an ethical hacker. All courses are available online and in PDF version. You decide when and where you will work.

Interaction & Ability to Concentrate

Hakin9 Online Courses offer the opportunity to participate in class discussions, forum or chats with more ease than face-to-face class sessions. You won't be distracted by other participants anymore.

Become a Certified Hacker

Hakin9 offers Hakin9 Certificates. When you complete the Hakin9 courses, you will obtain a certification that proves your practical skills. The Hakin9 Certificate is the most practical and professionally oriented certification.

No matter how old you are or where you are, if you wish to become an IT security expert, you can join our online courses when you are ready and need to expand your skill set. Hakin9 offers new online courses every month, so you will have the opportunity to explore areas of hacking by attending various courses designed for this purpose.

Comfortable Learning Environment

All courses and other materials are available online via a private, secure account created by you. The materials can be read online or downloaded in user-friendly PDF versions. There is no need to fight traffic, find parking spaces, leave work early to go to class, or miss important family time.

Testimonials

I am very happy with the issues I have downloaded. Specifically, I can say a couple of issues...

Christoforos Kaldis

Hakin9 is one of the best resources available for staying up to date with IT security. I love the...

Eric Jackson

Certified Network Defense Architect

I enjoyed the course and learnt lots of valuable information which I now intend to put to good use...

Paul Nickolson

Administrator

SEEKING INSTRUCTOR

WANTED: Talented Instructors/Trainers

Hakin9 is currently seeking excellent instructors for online courses and live classes. These are highly interactive courses and require the best instructors. These are not theory courses and classes. The courses are designed to give our members real-life scenarios and practical knowledge from the IT security field.